Hello,
I have setup Mikrotik Router as a router, on the LAN side i have interface VLAN20 and i want VLAN20 to go through to WAN port without going through firewall, would this be possible ?
Ether1 WAN, VLAN20W
Ether2 LAN, VLAN20L
Bridge1, ports VLAN20W and VLAn20L
Thanks.
Re: vlan bypass from firewall
++
I also have a transparent bridge, where i use firewall rules to trim down unwanted traffic, how can i bypass vlan traffic from such shaping ?
its a simple bridge, ether1 and ether2 added as ports to Bridge1.
I also have a transparent bridge, where i use firewall rules to trim down unwanted traffic, how can i bypass vlan traffic from such shaping ?
its a simple bridge, ether1 and ether2 added as ports to Bridge1.
Re: vlan bypass from firewall
In your case, you added the ethernet interfaces to the bridge, and then built VLANs on those ethernet interfaces. The router doesnt know anything about those vlans. For the router, the L2 vlan traffic is just like any other L2 traffic, and gets bridged.
Then you applied "use-ip-firewall", which deals with L3 packets, and at the end, you probably have a drop all rule.
Since the vlan packets dont have any L3 headers, they are getting dropped, and there is really no good way to allow them to pass through firewall.
My advice is to tag all the traffic to the router, and then add individual VLAN ports to 2 separate bridges, one bridge for each vlan. Then firewall will see all the L3 traffic properly, and you can simply allow the traffic on one of the bridges in firewall.
Then you applied "use-ip-firewall", which deals with L3 packets, and at the end, you probably have a drop all rule.
Since the vlan packets dont have any L3 headers, they are getting dropped, and there is really no good way to allow them to pass through firewall.
My advice is to tag all the traffic to the router, and then add individual VLAN ports to 2 separate bridges, one bridge for each vlan. Then firewall will see all the L3 traffic properly, and you can simply allow the traffic on one of the bridges in firewall.